Grouper Permissions allow/deny

DATE and TIME: 5/26/2011 - 10:00

CONVENER: Chris Hyzer

SCRIBE: Mark Rank - UWM

# of ATTENDEES: 23+

MAIN ISSUES DISCUSSED:

--- Demo (Google permissions allow and deny)
---- https://spaces.at.internet2.edu/display/Grouper/Grouper+permissions+allow+and+deny
--- overview of current state permissions for level setting
---- roles
---- action 
---- resources
--- Grouper 2.0 coming at end of summer
--- Algorithm summary on web
---- direct trumps inheritance
---- inherited deny trump inherited accept
---- remember permissions assigned to role not directly to a subject
---- review algorithm details
--- Discussion of accept vs deny (terminology)
---- Concern about terminology 
---- "What are you trying to achieve?"
--- Review some examples
---- used to cut branches out of the resultant set
--- How do we manage the complexity in a UI?
---- Have a fair amount of technical needs for setup
---- strongly need defined roles 
---- leverage UI's to narrow down the options
---- need simpler UI's 
---- demo of simplier custom UI's
--- Is there a tool to test the result of the change?
---- UI does have some tools
--- Some basic GROUPER terminology
--- Demo (Google permissions allow and deny)

---- https://spaces.at.internet2.edu/display/Grouper/Grouper+permissions+allow+and+deny

--- overview of current state permissions for level setting

---- roles

---- action 

---- resources

--- Grouper 2.0 coming at end of summer

--- Algorithm summary on web

---- direct trumps inheritance

---- inherited deny trump inherited accept

---- remember permissions assigned to role not directly to a subject

---- review algorithm details

--- Discussion of accept vs deny (terminology)

---- Concern about terminology 

---- "What are you trying to achieve?"

--- Review some examples

---- used to cut branches out of the resultant set

--- How do we manage the complexity in a UI?

---- Have a fair amount of technical needs for setup

---- strongly need defined roles 

---- leverage UI's to narrow down the options

---- need simpler UI's 

---- demo of simplier custom UI's

--- Is there a tool to test the result of the change?

---- UI does have some tools

--- Some basic GROUPER terminology

--- Deployment mechanisms discussion

--- Concerns about DENY
---- DENY as short circuit for mechanism 
---- Complicated cases will be the norm
---- Historically DENY has issues
--- Concerns about DENY

---- DENY as short circuit for mechanism 

---- Complicated cases will be the norm

---- Historically DENY has issues

-
ACTIVITIES GOING FORWARD / NEXT STEPS
- Looking at agreeing on adopting one of the simpler UI's? 

- Status of maturity of API's?
- What are the use cases for this?
-
If slides are used in the session, please ask presenters to convert their slides to PDF and email them to SteveO@internet2.edu
Thank you!

  • No labels